This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the AD DS or AD LDS server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (http://go.microsoft.com/fwlink/?LinkID=177813).

To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

Adds the Active Directory domain controller or AD LDS instance with full Domain Name System (DNS) name %s2 to the replica set for the application directory partition with distinguished name %s1. If you specify "NULL" for %s2, then this command uses the currently connected Active Directory domain controller or AD LDS instance.

connections

Invokes the server connections submenu. See “Remarks” later in this topic for more information.

create nc %s1 %s2

Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller.

Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3.

create nc %s1 %s2 %s3

Creates the AD LDS application directory partition with distinguished name %s1 of object class %s2 on a computer named %s3. You should annotate the %s3 value with the Lightweight Directory Access Protocol (LDAP) port number. For example, type adam1.fabrikam.com:389.

If you specify "NULL" for %s3, this command uses the currently connected AD LDS instance.

delete nc %s

Completely removes the application directory partition or precreated cross-reference with distinguished name %s from AD DS or AD LDS.

list

Lists known naming contexts.

list nc information %s

Shows the reference domain and replication delays for the application directory partition with distinguished name %s.

list nc replicas %s

Shows the list of Active Directory domain controllers or AD LDS instances in the replica set for the application directory partition with distinguished name %s.

precreate %s1 %s2

Precreates a cross-reference object for the domain or application directory partition with distinguished name %s1, allowing a server with DNS name %s2 to be promoted as an Active Directory domain controller for the domain or create the application directory partition.

This can also be used to precreate cross-reference objects for application directory partitions for AD LDS. For AD LDS, %2 should be hostname:ldapPort:ldapSslPort, such as adam1.fabrikam.com:389:636.

remove nc replica %s1 %s2

Deletes the AD DS or AD LDS instance with DNS name %s2 from the replica set of the application directory partition with distinguished name %s1. If you specify "NULL" for %s2, this command uses the currently connected Active Directory domain controller or AD LDS instance.

select operation target

Invokes the Select operation target submenu.

set nc reference domain %s1 %s2

Sets the reference domain of application directory partition with distinguished name %s1 to domain with distinguished name %s2.

set nc replication notification delay %s %d1 %d2

Sets the notification delays of directory partition with distinguished name %s to %d1 and %d2 seconds, where %d1 is the delay between notifying the first Active Directory domain controller or AD LDS instance of changes and %d2 is the delay of notifying subsequent Active Directory domain controllers or AD LDS instances of changes. If you specify -1 in either #d1 or %d2, this command will not modify the corresponding delay (in case you are trying to modify only one delay). If you specify any other negative number, the command will delete the delay. Delays are always set on the naming master.

Before you can run the DS behavior subcommand, connect to a specific AD Ds or AD LDS instance by using the connections parameter.

Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles (http://go.microsoft.com/fwlink/?LinkId=157320).